On Wed, 2 Feb 2005, David Byron wrote:

> How does this work for you all?

> do {
> size_t buffersize = data->set.buffer_size?
> - data->set.buffer_size:BUFSIZE -1;
> + data->set.buffer_size:BUFSIZE;

Sorry, but I don't believe it is a good fix. This is exactly the same change
as increasing the buffer size define with one.

The reason for the -1 in there is found further down:

         /* NULL terminate, allowing string ops to be used */
         if (0 < nread || is_empty_data)
           k->buf[nread] = 0;

... so with your patch, there's a single-byte buffer overflow.

-- 
      Daniel Stenberg -- http://curl.haxx.se -- http://daniel.haxx.se
       Dedicated custom curl help for hire: http://haxx.se/curl.html